logo

IDmatic Data Privacy Statement

1

Preamble

Digitronix LLC (hereinafter 'IDmatic,' 'we,' 'us,' or 'our') is committed to the protection and preservation of the privacy and security of all personal data under its stewardship. This Data Privacy Statement delineates the policies and procedures governing the collection, utilization, disclosure, and safeguarding of personal data in accordance with the General Data Protection Regulation (GDPR) and all other applicable laws and regulations.

2

Data Controller and Data Processor Roles

Pursuant to the GDPR, IDmatic functions as a Data Processor when engaged in the processing of personal data on behalf of its clients (designated as Data Controllers). Clients, in their capacity as Data Controllers, engage IDmatic for identity verification and associated services. IDmatic adheres meticulously to the documented instructions provided by its clients concerning the handling and processing of personal data.

3

Categories of Personal Data Collected and Processed

In the course of fulfilling its contractual obligations, IDmatic processes the following categories of personal data: - Identification Data: Legal name, nationality, ID number, gender, date of birth, residential address. - Document Data: Passport or ID card details including issuing authority, document number, and expiration date. - Biometric Data: Facial recognition data collected for verification purposes only, not retained beyond immediate use. - Digital Interaction Data: Images, video, and audio collected during liveness and verification procedures.

4

Purpose and Legal Ground for Processing

IDmatic processes personal data for: - Performance of Contractual Obligations (GDPR Art. 6(1)(b)). - Compliance with Legal Obligations, such as anti-money laundering (GDPR Art. 6(1)(c)). - Legitimate Interests, like fraud prevention and secure identity management (GDPR Art. 6(1)(f)).

5

Personal Data Security and Confidentiality

IDmatic employs robust security measures including: - Data Encryption (TLS/SSL in transit, 256-bit at rest). - Strict Access Control with authentication protocols. - Pseudonymization and anonymization when feasible. - Regular Security Audits to maintain compliance and effectiveness.

6

Disclosure and Transfer of Personal Data

IDmatic shares personal data only: - Under Legal Obligations or to protect rights. - With Authorized Sub-Processors like AWS and Google Cloud under GDPR-compliant terms (SCCs if necessary).

7

Retention of Personal Data

Personal data is retained only as necessary for contractual and legal obligations. Biometric data is processed in real-time and not stored. Upon contract termination or client request, data is securely deleted or anonymized.

8

Rights of the Data Subject

Data subjects have rights under GDPR, including: - Access and Rectification - Erasure ('Right to be Forgotten') - Restriction of Processing and Objection - Data Portability Requests should be directed to IDmatic's DPO (see Section 12).

9

Third-Party Data Processors

IDmatic uses limited sub-processors listed in its Data Processing Agreement. All sub-processors comply with GDPR standards, including SCCs for data transfers outside the EEA.

10

Data Breach Notifications

In case of a data breach, IDmatic will notify affected clients and relevant supervisory authorities without undue delay and no later than 24 hours after becoming aware of the breach.

11

Amendments to this Data Privacy Statement

IDmatic may modify this Statement as needed to reflect legal or operational changes. Clients will be notified of material changes, and the latest version will be available on the website.

12

Contact Information

For inquiries or exercising GDPR rights, please contact: Digitronix LLC Email: [email protected] Address: 8 The Green St, STE B, Dover, DE 19901, USA.